Merge pull request #40 from Rakshitha650/develop

[DSD-4658] updated the opencrvs installation scripts
mosip · Mar 14, 2024 · d5a6b23 · d5a6b23
2 parents 3756860 + 88117e9
commit d5a6b23
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 25 deletions.
diff --git a/deployment/README.md b/deployment/README.md
@@ -5,7 +5,7 @@ This document describes deployment of `mosip-side-mediator` and `registration-pr
 
 ## Prerequisites
 The following command line utilities.
-  - `psql`, `kubectl`,`helm`,`bash`, `curl`, `jq`
+- `psql`, `kubectl`,`helm`,`bash`, `curl`, `jq`
 
 ## Installation
 - Set up `mosip_opencrvs` db:
@@ -43,31 +43,14 @@ The following command line utilities.
   - `SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL`
   - `PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL`
 - Apart from creating the partner keycloak client, create a new user with the same username as the partner name (that was previously given), with any password.
-
-- Run the `keycloak-init.sh` script to create a client and user, as described above
-   ```
-   ./keycloak-init.sh <cluster-kubeconfig-file>
-   ```
 - Get certificate from OpenCRVS.
+- Get the opencrvs_client_id opencrvs_client_secret_key opencrvs_client_sha_secret from OPENCRVS
+- Get the mosip_opencrvs_partner_client_id mosip_opencrvs_partner_client_secret mosip_opencrvs_partner_client_sha_secret mosip_opencrvs_uin_token_partner from MOSIP
+- During the execution of the `install.sh` script, it will prompt for the private key and public key. Please ensure to provide the certificates supplied by the MOSIP team when prompted.
 - Run the following to install the mediator and components (The script will prompt for inputs):
     ```
     ./install.sh <cluster-kubeconfig-file>
     ```
-  - OR Pass the following environment variables to the above script, if it is not desired to prompt for inputs:
-    ```
-    export OPENCRVS_AUTH_URL=
-    export OPENCRVS_LOCATIONS_URL=
-    export OPENCRVS_RECEIVE_CREDENTIAL_URL=
-    export OPENCRVS_CLIENT_ID=
-    export OPENCRVS_CLIENT_SECRET=
-    export OPENCRVS_CLIENT_SHA_SECRET=
-    export MOSIP_OPENCRVS_PARTNER_CLIENT_ID=
-    export MOSIP_OPENCRVS_PARTNER_CLIENT_SECRET=
-    export MOSIP_OPENCRVS_PARTNER_CLIENT_SHA_SECRET=
-    export MOSIP_PRIVATE_KEY_PATH=
-    export OPENCRVS_PUBLIC_KEY_PATH=
-    ./install.sh <cluster-kubeconfig-file>
-    ```
 - Share the details with OpenCRVS: auth_url(mosip keycloak url), partner_client_id, partner_client_secret, partner_username, partner_password.
 - Share MOSIP OpenCRVS Mediator public Certificate (that was created above).
 
@@ -85,4 +68,4 @@ The following command line utilities.
 - Run:
     ```sh
     ./delete.sh <cluster-kubeconfig-file>
-    ```
+    ```
diff --git a/deployment/install.sh b/deployment/install.sh
@@ -23,6 +23,60 @@ echo Copy Configmaps.
 echo Copy Secrets.
 ./copy_secrets.sh
 
+read -p "Please provide mosip private key file : " MOSIP_PRIV_KEY
+  if [ -z "$MOSIP_PRIV_KEY" ]; then
+    echo "MOSIP Private key file not provided; EXITING;";
+    exit 0;
+  fi
+  if [ ! -f "$MOSIP_PRIV_KEY" ]; then
+    echo "MOSIP Private key not found; EXITING;";
+    exit 0;
+  fi
+read -p "Please provide opencrvs pub key file : " OPENCRVS_PUB_KEY
+
+  if [ -z "$OPENCRVS_PUB_KEY" ]; then
+    echo "Opencrvs public key file not provided; EXITING;";
+    exit 0;
+  fi
+  if [ ! -f "$OPENCRVS_PUB_KEY" ]; then
+    echo "Opencrvs Public key not found; EXITING;";
+    exit 0;
+  fi
+
+cat "$MOSIP_PRIV_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/mosip-priv.key
+cat "$OPENCRVS_PUB_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/opencrvs-pub.key
+
+kubectl -n $NS create secret generic opencrvs-certs \
+  --from-file="/tmp/mosip-priv.key" \
+  --from-file="/tmp/opencrvs-pub.key"
+
+read -p "Enter opencrvs_client_id: " opencrvs_client_id
+read -p "Enter opencrvs_client_secret_key: " opencrvs_client_secret_key
+read -p "Enter opencrvs_client_sha_secret: " opencrvs_client_sha_secret
+
+read -p "Enter Kubernetes namespace: " namespace
+kubectl create secret generic opencrvs-client-creds \
+  --namespace=$namespace \
+  --from-literal=opencrvs_client_id="$opencrvs_client_id" \
+  --from-literal=opencrvs_client_secret_key="$opencrvs_client_secret_key" \
+  --from-literal=opencrvs_client_sha_secret="$opencrvs_client_sha_secret"
+
+read -p "Enter mosip_opencrvs_partner_client_id: " mosip_opencrvs_partner_client_id
+read -p "Enter mosip_opencrvs_partner_client_secret: " mosip_opencrvs_partner_client_secret
+read -p "Enter mosip_opencrvs_partner_client_sha_secret: " mosip_opencrvs_partner_client_sha_secret
+read -p "Enter mosip_opencrvs_uin_token_partner: " mosip_opencrvs_uin_to
+
+read -p "Enter Kubernetes namespace: " namespace
+
+kubectl create secret generic mosip-client-creds \
+  --namespace=$namespace \
+  --from-literal=mosip_opencrvs_partner_client_id="$mosip_opencrvs_partner_client_id" \
+  --from-literal=mosip_opencrvs_partner_client_secret="$mosip_opencrvs_partner_client_secret" \
+  --from-literal=mosip_opencrvs_partner_client_sha_secret="$mosip_opencrvs_partner_client_sha_secret" \
+  --from-literal=mosip_opencrvs_uin_token_partner="$mosip_opencrvs_uin_token_partner"
+
+echo "Secrets created successfully!"
+
 echo Installing mosip-side opencrvs-mediator...
 helm -n $NS install opencrvs-mediator mosip/opencrvs-mediator \
   --version $CHART_VERSION \

diff --git a/deployment/values.yaml b/deployment/values.yaml
@@ -3,7 +3,4 @@ mediator:
     authUrl: https://auth.farajaland.opencrvs.org/authenticateSystemClient
     receiveCredentialUrl: http://opencrvs-side-mediator.opencrvs-side-mediator/birthReceiveNid
     locationsUrl: https://gateway.farajaland.opencrvs.org/location
-    clientId: "opencrvs"
-    clientSecret: "1234"
-    clientShaSecret: "12345"